Adding twice encoded NULL byte to path allows .CFM file content disclosure.
vulners.com/securityvulns/securityvulns:doc:15667